The Linux Router Project - Materhorn is a small-footprint (floppy-based) distribution of Linux suitable for creating a firewall or router. Its origin can be traced to the original LRP, which is based on the 2.036 kernel, whereas Materhorn is based on the 2.2.13 kernel. It has proven itself to be very reliable, robust, and extremely fast, since it runs exclusively in ramdisk. It has been known to put many so-called 'commercial' products to shame in both versatility and security. Ever noticed how commercial router and firewall vendors often add secure access management as an afterthought, and then tend to use proprietary, obfuscated methodologies designed, it seems, more to confuse? Materhorn leverages recognized secure access methods that have been publicly and widely scrutinized. It requires little in the way of hardware: in the author's experience it is known to run reasonably well in less than 7.5 Meg of RAM, whereas for serious use any x86 computer with 16 Meg is more than adequate. So breathe new life into your old 486, Pentium I or II and work more securely on the big I.
If you are looking for a cost-effective solution for interfacing quite securely to the Internet, then Materhorn is the way to go. Through masquerading it provides the ability to merge many to one. What does that mean? Say you have a network with a single Internet-routable IP address, either statically or dynamically assigned; with the LRP2 you now have the ability to have many computers access the Internet simultaneously if desired. You might also need a straight router to separate the networks in your organization, routing packets as required from source to destination. In that case LRP2 is a good choice that won't break your budget and allows for firewalling between networks as well, if you so choose. The logic is that the LRP2 provides a very flexible means of routing and/or firewalling your internal systems. Since the contents are saved to a floppy and the system runs entirely solid state in RAM, it is very secure. (Once you have configured LRP2 exactly as you intend it to operate, you need only set the floppy's read-only tab and you're set.) Even if the system fails or is altered, you would simply reboot to restore Materhorn to your customized state of consciousness, although if it was altered you definitely need to research much further. ;-)) From DS1 WAN router and RAS to wireless T1 bridge, it can be done with the Materhorn. (Most will use it as an Ethernet router of the 10/100 variety.) One of the more exotic uses is as a superfast mini-webserver using thttp, so it really depends on your specific needs.
Materhorn requires that one get up to speed on:
Remember that every adventure begins with a first step and you will be fine, as I plan to take you there with this FAQ or cry trying.
Here are the basic commands you should know for this FAQ:
cd <- This command changes your directory
ls <- This command lists the contents of your working directory
exit <- This will exit you from your current terminal back to the login prompt
insmod <- This installs a module for you if required
lsmod <- This will list the currently installed modules on the Materhorn
more <- This is often used to print a file's contents to standard out
The above illustrates just how few commands are required to get up and running. Any other commands you might need will be addressed as the need arises.
You ask all the good questions. Well, in an attempt to encapsulate better explanations, here goes:
1a - First the boot sector program "LDLINUX.SYS" in the root directory of your floppy is executed
1b - This is indicated by the echo to your console of "SYSLINUX 1.48 2004-09-26 by Peter Alvin"
It is important to note that the syslinux program produces the above boot loader (LDLINUX.SYS) that
makes your floppy bootable. ldlinux.sys also provides the intelligence to initialize the boot time
ramdisk that follows.
2a - The boot manager reads the syslinux.cfg file and determines that you have indicated you wish it to
create a ramdisk for the file called 'root.lrp' by the statement 'initrd=root.lrp'.
2b - root.lrp is searched for in the root directory of the floppy and, if it is there, is loaded into the
newly created ramdisk on your Materhorn system. This lrp file contains the base of your Linux filesystem
that the rest of the lrp files depend upon. It includes /, /bin, /lib, /opt, /root, /sbin, /usr, /var
and all they contain, which is now deposited onto the ramdisk initiated by ldlinux.sys.
3 - Then ldlinux.sys goes to work again, this time determining whether it should display a boot message
before it sends you a prompt. It does this by reading the 'syslinux.cfg' file and scanning for the statement
'display=syslinux.dpy', whose file is then displayed. This banner, besides being good reading, also tells you
exactly how far you have traveled in the boot process.
4 - At this stage in the game you will be signaled by the console that it is now "Loading linux...".
Then the kernel, as indicated, is uncompressed into RAM and booted. The stream of text that
flies by is a good sign, as it means that your devices are being searched for and recognized or
not. Here Materhorn tells you as clearly as it can, step by step, what it is doing. As you scan
what the 'linux' kernel is telling you, you will see a line that reads "RAMDISK"; pay close
attention from this point on. Here we see that root.lrp is located and then expanded into the ramdisk. Then
the root filesystem is mounted, as per the line "VFS:"; this is all good news. Upon completion of
the root.lrp extraction we move on to "LINUXRC:". Here 'syslinux.cfg' is leveraged again, this time for
the additional .lrp files that you wish loaded. For instance it might read 'LRP=etc,log,modules,sshd,dhclient'.
This is indicated at your console as "LINUXRC: Installing - etc log modules sshd dhclient - Finished",
meaning that these have been recognized and will be installed for use further down in the bootup procedure.
Next we see "INIT:", which is really important as it tells us whether the parent process of all processes to
follow is running or not; at this point we are still booting. Next, swap space is activated and the modules that we
configured are installed onto our system. Here we want to pay particular attention to the fact that
our network card modules are loaded, as well as any masquerading modules we might want to
have. Continuing, the kernel brings up our network cards ready for business and activates our
firewalling rules. Note that we set up our firewall rules before we actually allow any real transmission
to occur in any direction from our network cards. At this point we establish all our system-specific
values and start our system daemons and the master daemon (inetd). Then we proceed to start dhclient if
we are using DHCP for our external interface. This also establishes our default route for packets
that the system does not know where to send locally. Then our firewall turns on forwarding so that
we can transmit and receive packets, hopefully selectively, from the big I.
5 - Having completed a successful boot, we now ask the kernel to have mgetty provide us with a login
prompt by way of the 'login' program, which it does. At this point our happy owner of the Materhorn
would simply enter 'root' at the username prompt and their password at the 'password:' prompt.
First you need to obtain the various bundled packages and tools that will take you there. To begin the adventure, first obtain NASM, the Netwide Assembler, which Syslinux depends on during the build process. Get the latest version and build it. It is very portable and modular, which assists on the why for how come. Next you need to grab the source for Syslinux, which can be located at Syslinux-1.48. There are lots more locations for Peter's versatile program, which has been released under the GPL. So if you don't like to build tars, there are also .debs kicking around on many sites out here. Now on to the fun stuff: we need to decide whether we are going to be doing this for a dynamic Internet-routable IP or a static IP assigned by ARIN or whatever. Think about that last sentence and let's move on.
Just type 'root' at the login: prompt; this will get you to the lrp config manager.
Simply hit enter, but not too hard as you might damage your 'Enter' key. Note that the default password is blank, so you will need to change this immediately to something much harder to guess ;-))
Since Materhorn uses the new 'ip' command rather than 'ifconfig' and 'route', you first need to get to the
command prompt for root. You do this by entering 'q' for quit until you drop down to the '#' prompt; this
is the command shell prompt for entering any commands directly to the operating system. Do a:
#ip addr show
You will see the following for example:
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: brg0:
link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
3: eth0:
link/ether bb:cc:dd:ee:ff:gg brd ff:ff:ff:ff:ff:ff
inet aaa.bbb.ccc.ddd/24 brd 255.255.255.255 scope global eth0
3: eth1:
link/ether cc:dd:ee:ff:gg:hh brd ff:ff:ff:ff:ff:ff
inet aaa.bbb.ccc.ddd/8 brd aaa.255.255.255 scope global eth1
You should see a reply from your system pretty much like the above, with the exception that 'eth0' and
'eth1' will contain specifically your MAC address information as well as your current unedited IP
address information. You will not really need to change 'eth1' to have a working router but most
definitely will need to change 'eth0' to reflect either your static IP address or the dynamic IP address.
The important thing is that your system has assigned some sort of IP addresses for 'lo', 'eth0',
and 'eth1'. Notice in the above example that all your interfaces are 'UP'; this is the same as you would
see with 'ifconfig' if your hardware is recognized and the network cards are up, ready to do business.
Later in the HOWTO I will describe how to configure for both dynamic and static address assignments, but in
the meantime let's move forward.
This is again a new technology transition, from the traditional 'route' to the 'ip' equivalent. In order to
check the routes to your various networks and the 'really important' default route, you need to do a:
#ip route show
This indicates what your network interfaces know to be true. For instance:
aaa.bbb.ccc.0/24 dev eth0 proto kernel scope link src aaa.bbb.ccc.ddd
aax.bbx.ccx.0/24 dev eth2 proto kernel scope link src aax.bbx.ccx.ddx
default via aaa.bbb.ccc.ddd dev eth0
The above example would indicate that aaa.bbb.ccc.ddd is your default route, where all packets that are
unsure where else to go, and that you have not told where to go ;-)), go to be routed
further down the line. To test that it is responding, simply do, for example, a ping 10.123.123.123 or
whatever numbers are actually indicated above. If you get a reply you know that all is fine so far.
Otherwise don't worry too much about it yet; remember, we are still setting up and most likely you have
yet to even boot your Materhorn. This information is important to remember, though, for our later diagnostics.
Here they are in a semi-organized fashion.
linux <- this is the Linux operating system and is required. Let me know if you can get the LRP to boot up
without it :-))
syslinux.cfg <- this file determines all the specific configuration info that Materhorn will use to
decide which *.lrp files it should install for you and how they will be configured. Syslinux reads this info
as it manages the bootup process.
etc.lrp <- this is the specific configuration files for your system. ie. pretty much everything that configures
your devices and your specific connection with the network as well as services provided.
log.lrp <- this contains the directory structure and files where your system logs will live.
root.lrp <- this is your base filesystem directory structure and specific binaries that are available to
you by default. This is where your actual command programs originate.
syslinux.dpy <- although optional, this is the nice LRP banner that comes up on bootup. Keep it, as
it also works as a measurement to tell you how far specifically you have gotten in the boot process.
ldlinux.sys <- this is where the Syslinux boot manager lives; it must exist in order to boot
the Materhorn or the original LRP conventionally.
modules.lrp <- this contains the modules that you will be having the operating system leverage for your
specific needs. For instance ip_masq_ftp.o is required in order to do standard ftp as otherwise the data
channel never gets established.
Since I am writing this section when my eyes feel like they're bleeding, please inform me of any typos etc.
The one you want to locate is dhclient.lrp, as this provides your system with the tools required to make this happen.
Grab psentry.lrp, as this is Psionic's PortSentry security program that does this on the fly. It used to be called by a different name but I simply can't remember the name anymore :-()
The file that 'requires' editing is the file named 'syslinux.cfg'. It contains the defaults, which you
will note are enough for booting up a static LRP. It needs changes for a dynamically assigned IP. Here
is what you do. First, you most likely need a text editor, so for instance using 'vi' do the following:
1 - Change directory to the directory where the file called 'syslinux.cfg' lives. This will be one of
the files you pulled off the Internet. The reason I am suggesting you 'cd' there is that this is more
straightforward for first-time users.
2 - Next, issue a command of 'vi syslinux.cfg' at the command prompt.
3 - The above will take you into the file for editing using 'vi'. Then simply move your cursor to the part
that says "LRP=etc,log,modules"; this is where you will append the optional *.lrp files. Let's do that for
dhclient. (Note that in 2.036, the original one, the above variable is "LRP=etc.lrp,log.lrp,modules.lrp"; other
than that the concept is the same.) Move the cursor to the end of the 'modules' text and press your 'i' key.
This puts you into insert mode, so what you want to do here is insert ",dhclient". Save your changes now
with a 'w!' (w bang); this command will write your changes to the 'syslinux.cfg' file. Last, to exit the
vi editor do a 'q', which quits you from your present editing session. That is all there is to it!
You need to change the settings in 'syslinux.cfg' to reflect the needs of Materhorn, which are different from those of the original LRP. Set it to "ramdisk_size=6184" on the appropriate line. Notice that I did not mention how to use 'vi' this time, since the second time around I leave this up to the installer of the Materhorn.
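As an added example (not part of the original FAQ or of the LRP project), the shell script below checks a floppy staging directory against the syslinux.cfg statements quoted in this FAQ: 'initrd=', 'LRP=' and 'ramdisk_size=6184'. The function names, the staging directory and the line layout of the sample config are assumptions made for illustration; it goes slightly beyond the text by accepting both the Materhorn and the original LRP spelling of the package list.

```sh
#!/bin/sh
# Added example: check a floppy staging directory against what
# syslinux.cfg tells the boot process to load.

# Print the value of the first KEY=value token found anywhere in FILE.
# Tokens split on whitespace; CRs from DOS-formatted floppies are dropped.
cfg_value() {
    tr -d '\r' < "$2" | tr -s ' \t' '\n\n' | sed -n "s/^$1=//p" | head -n 1
}

# Print one line per problem found in DIR; return the number of problems.
check_floppy() {
    dir=$1; cfg=$dir/syslinux.cfg; problems=0
    for f in linux ldlinux.sys syslinux.cfg; do
        [ -f "$dir/$f" ] || { echo "missing: $f"; problems=$((problems + 1)); }
    done
    [ -f "$cfg" ] || return "$problems"

    initrd=$(cfg_value initrd "$cfg")
    if [ -z "$initrd" ] || [ ! -f "$dir/$initrd" ]; then
        echo "initrd= file not found: '$initrd'"; problems=$((problems + 1))
    fi
    # LRP= is a comma-separated package list. Materhorn omits the .lrp
    # suffix and the original LRP includes it, so accept both spellings.
    for pkg in $(cfg_value LRP "$cfg" | tr ',' ' '); do
        pkg=${pkg%.lrp}
        [ -f "$dir/$pkg.lrp" ] ||
            { echo "missing: $pkg.lrp (listed in LRP=)"; problems=$((problems + 1)); }
    done
    size=$(cfg_value ramdisk_size "$cfg")
    [ "$size" = 6184 ] ||
        { echo "ramdisk_size is '$size', expected 6184"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: empty stand-in files plus a syslinux.cfg whose line
# layout is an assumption, not the file shipped with Materhorn.
make_sample() {
    mkdir -p "$1"
    for f in linux ldlinux.sys root.lrp etc.lrp log.lrp modules.lrp dhclient.lrp; do
        : > "$1/$f"
    done
    printf '%s\n' 'display=syslinux.dpy' 'initrd=root.lrp ramdisk_size=6184' \
        'LRP=etc,log,modules,dhclient' > "$1/syslinux.cfg"
}

demo=$(mktemp -d)
make_sample "$demo"
check_floppy "$demo" && echo "floppy contents match syslinux.cfg"
rm -rf "$demo"
```

Running the check before setting the floppy's read-only tab catches a package named in 'LRP=' that was never copied to the disk.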